Redmond has released this month’s Patch Tuesday security updates. A total of 8 different bulletins aim to fix bugs in Windows, Internet Explorer and Office. Three of them are labeled as Critical, while the remaining five are Important.
The three Critical patches take care of vulnerabilities found in both Windows and Internet Explorer, and one of these also fixes the zero-day flaw that was recently discovered in the browser.
This particular flaw was made public over the weekend, with attacks being reported. MS13-090 repairs the remote code execution issue in ActiveX control. Microsoft details this:
“The code execution occurs at the level of the logged on user, so non-admin users would face less of an impact. The remote code execution vulnerability with higher severity rating be fixed in today’s release and we advise customers to prioritize the deployment of MS13-090 for their monthly release.”
Internet Explore gets another clean sweep with the MS13-088 bulletin, which addresses ten privately reported vulnerabilities in the browser, the most severe of which, again, grants the attacker complete rights as the logged on user.
Finally, the good old WordPad also gets a look. A glitch in Windows that could be exploited by opening a compromised file in the program WordPad is fixed in MS13-089. Microsoft explains:
“The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.”
All updates are now being delivered to users via Windows Update, so make sure you deploy them as soon as you can, in order to stay on the safe side.